Fiksailtu oikeushärdelliä lisää

Tuomas Riihimäki
Commit 04070bc1 authored Aug 21, 2010 by Tuomas Riihimäki
Showing with 78 additions and 63 deletions
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UserBean.java
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/UserBeanLocal.java
code/LanBortalWeb/WebContent/permissionDenied.xhtml
code/LanBortalWeb/src/fi/insomnia/bortal/exceptions/BortalExceptionHandler.java
code/LanBortalWeb/src/fi/insomnia/bortal/handler/SessionHandler.java
code/LanBortalWeb/src/fi/insomnia/bortal/view/RoleView.java
code/LanBortalWeb/src/fi/insomnia/bortal/view/UserView.java
code/LanBortalWeb/src/resources/i18n_en.properties
code/LanBortalWeb/src/resources/i18n_fi.properties
--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UserBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UserBean.java
@@ -18,10 +18,8 @@ import org.slf4j.LoggerFactory;
 import fi.insomnia.bortal.enums.Permission;
 import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.exceptions.PermissionDeniedException;
-import fi.insomnia.bortal.facade.RoleFacade;
 import fi.insomnia.bortal.facade.UserFacade;
 import fi.insomnia.bortal.model.AccessRight;
-import fi.insomnia.bortal.model.LanEvent;
 import fi.insomnia.bortal.model.Role;
 import fi.insomnia.bortal.model.RoleRight;
 import fi.insomnia.bortal.model.User;
@@ -101,10 +99,10 @@ public class UserBean implements UserBeanLocal {
        return (context.getCallerPrincipal() == null || user == null) ? false : context.getCallerPrincipal().getName().equals(user.getNick());
    }
-    public boolean isLoggedIn()
+    public boolean isLoggedIn() {
-    {
        return !getAnonUser().equals(getCurrentUser());
    }
    @Override
    public User getCurrentUser() {
        Principal principal = context.getCallerPrincipal();
@@ -204,4 +202,32 @@ public class UserBean implements UserBeanLocal {
        return this.hasPermission(permission, getCurrentUser(), rolePermission);
    }
+    @Override
+    public void fatalPermission(Permission target, RolePermission permission, Object... failmessage) {
+        fatalPermission(getCurrentUser(), target, permission, failmessage);
+    }
+    @Override
+    public void fatalPermission(User user, Permission target, RolePermission permission, Object... failmessage) {
+        boolean ret = hasPermission(target, user, permission);
+        if (!ret) {
+            String message = null;
+            if (failmessage == null || failmessage.length == 0) {
+                message = new StringBuilder("SessionHandler mbean permission exception: Target: ")
+                        .append(target.toString())
+                        .append(", Permission: ")
+                        .append(permission.toString())
+                        .toString();
+            } else {
+                StringBuilder msgbuilder = new StringBuilder();
+                for (Object part : failmessage) {
+                    msgbuilder.append(part.toString());
+                }
+                message = msgbuilder.toString();
+            }
+            throw new PermissionDeniedException(secubean, getCurrentUser(), message);
+        }
+    }
 }
--- a/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/UserBeanLocal.java
+++ b/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/UserBeanLocal.java
@@ -32,6 +32,10 @@ public interface UserBeanLocal {
    boolean isLoggedIn();
+    void fatalPermission(User user, Permission target, RolePermission permission, Object ... failmessage);
+    void fatalPermission(Permission target, RolePermission permission, Object ... failmessage);

--- a/code/LanBortalWeb/WebContent/permissionDenied.xhtml
+++ b/code/LanBortalWeb/WebContent/permissionDenied.xhtml
@@ -10,7 +10,11 @@
 	<ui:composition template="/layout/insomnia1/template.xhtml">
 	<ui:param name="thispage" value="page.permissionDenied" />
 		<ui:define name="content">
-			<h1>Permission Denied!</h1>
+			<h1>#{i18n['permissiondenied.header']}</h1>
+			<p>
+			<h:outputText rendered="#{!sessionHandler.isLoggedIn()}" value="#{i18n['permissiondenied.notLoggedIn']}" />
+			<h:outputText rendered="#{sessionHandler.isLoggedIn()}" value="#{i18n['permissiondenied.alreadyLoggedIn']}" />
+			</p>
 		</ui:define>
 	</ui:composition>
 </h:body>

--- a/code/LanBortalWeb/src/fi/insomnia/bortal/exceptions/BortalExceptionHandler.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/exceptions/BortalExceptionHandler.java
@@ -45,7 +45,7 @@ public class BortalExceptionHandler extends ExceptionHandlerWrapper {
                errorpage(i, t, "viewExpired");
            }
            Throwable cause = t;
-            while (cause != null) {
+            for(int loop = 0; loop < 20 && cause != null; ++loop) {
                logger.debug("Cause not null, but {}, checking" + t.getClass().toString());
                if (cause instanceof PermissionDeniedException ||
                        cause instanceof EJBAccessException ||

--- a/code/LanBortalWeb/src/fi/insomnia/bortal/handler/SessionHandler.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/handler/SessionHandler.java
@@ -19,6 +19,7 @@ import fi.insomnia.bortal.beans.SecurityBeanLocal;
 import fi.insomnia.bortal.beans.UserBeanLocal;
 import fi.insomnia.bortal.enums.Permission;
 import fi.insomnia.bortal.enums.RolePermission;
+import fi.insomnia.bortal.exceptions.PermissionDeniedException;
 import fi.insomnia.bortal.model.User;
 /**
@@ -44,12 +45,12 @@ public class SessionHandler {
    }
    public String getLocale() {
-        //TODO: Locale selection code missing
+        // TODO: Locale selection code missing
        return "en_ST_v7";
    }
    public String getLayout() {
-        //TODO: layout selection code missing!!
+        // TODO: layout selection code missing!!
        return "insomnia1";
    }
@@ -73,10 +74,12 @@ public class SessionHandler {
    }
    public boolean hasPermission(Permission target, RolePermission permission) {
-        if (target == null) {
+        if (target == null || permission == null) {
-            throw new RuntimeException("Empty target");
+            throw new RuntimeException("Empty target or permission!");
        }
-        return userbean.hasPermission(target, getUser(), permission);
+        boolean ret = userbean.hasPermission(target, getUser(), permission);
+        return ret;
    }
    public boolean hasPermission(String target, RolePermission permission) {
@@ -84,10 +87,6 @@ public class SessionHandler {
        return hasPermission(Permission.getPermission(target), permission);
    }
-    public boolean canWrite(Permission p) {
-        return hasPermission(p, RolePermission.WRITE);
-    }
    public boolean canWrite(String target) {
        return hasPermission(target, RolePermission.WRITE);
    }
@@ -96,21 +95,12 @@ public class SessionHandler {
        return hasPermission(target, RolePermission.READ);
    }
-    public boolean canRead(Permission target) {
-        return hasPermission(target, RolePermission.READ);
-    }
    public boolean canExecute(String target) {
        return hasPermission(target, RolePermission.EXECUTE);
    }
-    public boolean canExecute(Permission target) {
-        return hasPermission(target, RolePermission.EXECUTE);
-    }
    private boolean impersonating = false;
    public void impersonateUser(User user) {
        if (user == null) {
            this.thisuser = getUser();
@@ -146,11 +136,12 @@ public class SessionHandler {
        return "logout";
    }
-    public boolean isLoggedIn()
+    public boolean isLoggedIn() {
-    {
        boolean ret = userbean.isLoggedIn();
        return ret;
    }
 }
--- a/code/LanBortalWeb/src/fi/insomnia/bortal/view/RoleView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/view/RoleView.java
@@ -4,26 +4,28 @@
 */
 package fi.insomnia.bortal.view;
-import fi.insomnia.bortal.beans.EventBeanLocal;
-import fi.insomnia.bortal.beans.RoleBeanLocal;
-import fi.insomnia.bortal.beans.SecurityBeanLocal;
-import fi.insomnia.bortal.enums.Permission;
-import fi.insomnia.bortal.exceptions.PermissionDeniedException;
-import fi.insomnia.bortal.handler.SessionHandler;
-import fi.insomnia.bortal.model.AccessRight;
-import fi.insomnia.bortal.model.Role;
-import fi.insomnia.bortal.model.RoleRight;
 import java.util.List;
 import javax.ejb.EJB;
 import javax.faces.bean.ManagedBean;
 import javax.faces.bean.ManagedProperty;
 import javax.faces.bean.SessionScoped;
 import javax.faces.model.DataModel;
 import javax.faces.model.ListDataModel;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import fi.insomnia.bortal.beans.EventBeanLocal;
+import fi.insomnia.bortal.beans.RoleBeanLocal;
+import fi.insomnia.bortal.beans.SecurityBeanLocal;
+import fi.insomnia.bortal.beans.UserBeanLocal;
+import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.RolePermission;
+import fi.insomnia.bortal.handler.SessionHandler;
+import fi.insomnia.bortal.model.Role;
+import fi.insomnia.bortal.model.RoleRight;
 /**
 * 
 * @author tuukka
@@ -43,6 +45,9 @@ public class RoleView {
    @EJB
    private SecurityBeanLocal securitybean;
+    @EJB
+    private UserBeanLocal userbean;
    private Role role;
    private DataModel<Role> items;
@@ -65,10 +70,7 @@ public class RoleView {
    public String save() {
-        if (!sessionhandler.canWrite(Permission.ROLE_MANAGEMENT)) {
+        userbean.fatalPermission(Permission.ROLE_MANAGEMENT, RolePermission.WRITE, "Does not have permission to modify role!");
-            // Give message to administration what happened here.
-            throw new PermissionDeniedException(securitybean, getSessionhandler().getUser(), "User " + getSessionhandler().getUser() + " does not have permission to modify role!");
-        }
        role = roleBean.mergeChanges(getRole());
@@ -76,7 +78,7 @@ public class RoleView {
    }
    public String editRoleRight() {
-        logger.info("Roleright array: {}" ,rolerights);
+        logger.info("Roleright array: {}", rolerights);
        RoleRight row = rolerights.getRowData();
        roleBean.mergeChanges(row);
        logger.info("Saving roleright {}, r {}, w {}, x {}", new String[] { row.getAccessRight().getName(), new Boolean(row.isRead()).toString(), new Boolean(row.isWrite()).toString(), new Boolean(row.isExecute()).toString() });
@@ -87,10 +89,7 @@ public class RoleView {
    public String create() {
-        if (!sessionhandler.canWrite(Permission.ROLE_MANAGEMENT)) {
+        userbean.fatalPermission(Permission.ROLE_MANAGEMENT, RolePermission.WRITE, "Does not have permission to create role!");
-            // Give message to administration what happened here.
-            throw new PermissionDeniedException(securitybean, getSessionhandler().getUser(), "User " + getSessionhandler().getUser() + " does not have permission to create role!");
-        }
        logger.debug("Creating role {}", getRole());
        role = roleBean.create(getRole());
@@ -101,7 +100,7 @@ public class RoleView {
        setRole(items.getRowData());
        rolerights = null;
        items = null;
        return "roleEdit";
    }

--- a/code/LanBortalWeb/src/fi/insomnia/bortal/view/UserView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/view/UserView.java
@@ -18,6 +18,7 @@ import fi.insomnia.bortal.beans.SecurityBeanLocal;
 import fi.insomnia.bortal.beans.JaasBeanLocal;
 import fi.insomnia.bortal.beans.UserBeanLocal;
 import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.exceptions.PermissionDeniedException;
 import fi.insomnia.bortal.handler.SessionHandler;
 import fi.insomnia.bortal.model.User;
@@ -54,10 +55,7 @@ public class UserView {
    }
    public String createUser() {
-        if (!getSessionhandler().canWrite(Permission.USER_MANAGEMENT)) {
+        userBean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.WRITE, "does not have permission to create user!");
-            // Give message to administration what happened here.
-            throw new PermissionDeniedException(securitybean, getSessionhandler().getUser(), "User " + getSessionhandler().getUser() + " does not have permission to create user!");
-        }
        if (null != userBean.getUser(login)) {
            FacesContext.getCurrentInstance().addMessage(null, new FacesMessage(I18n.get("userview.userExists")));

--- a/code/LanBortalWeb/src/resources/i18n_en.properties
+++ b/code/LanBortalWeb/src/resources/i18n_en.properties
@@ -100,3 +100,7 @@ sidebar.role.create=Create role
 sidebar.role.list=List roles
 sidebar.map.placemap=Select places
+permissiondenied.header=Permission denied!
+permissiondenied.notLoggedIn=You are not authorized to view this page. Logging in may help.
+permissiondenied.alreadyLoggedIn=You are not authorized to view this page. If you think this is an error please contact the admins.
--- a/code/LanBortalWeb/src/resources/i18n_fi.properties
+++ b/code/LanBortalWeb/src/resources/i18n_fi.properties
@@ -4,12 +4,8 @@
 #
 global.cancel=Peruuta
-global.copyright=
-global.infomail=
 global.notauthorized=Sinulla ei ole riitt\u00e4vi\u00e4 oikeuksia t\u00e4lle sivulle.
-global.productname=
 global.save=Tallenna
-global.webpage=
 login.login=Kirjaudu sis\u00e4\u00e4n
 login.logout=Kirjaudu ulos
 login.logoutmessage=Olet kirjautunut ulos j\u00e4rjestelm\u00e4st\u00e4.
@@ -17,13 +13,6 @@ login.password=Salasana
 login.submit=Kirjaudu sis\u00e4\u00e4n
 login.username=K\u00e4ytt\u00e4j\u00e4tunnus
 nasty.user=Wait, wot! Mene pois!
-page.auth.login.header=
-page.auth.login.loginerror=
-page.auth.login.logout=
-page.auth.login.pagegroup=
-page.auth.login.title=
-page.index.pagegroup=
-page.viewexpired=
 placeSelect.placesleft=Paikkoja j\u00e4ljell\u00e4
 product.barcode=Viivakoodi
 product.create=Luo tuote